Subscribe to the Global Banking & Finance Review Newsletter for FREE Get Access to Exclusive Reports to Save Time & Money

By using this form you agree with the storage and handling of your data by this website. We Will Not Spam, Rent, or Sell Your Information. All emails include an unsubscribe link. You may opt-out at any time. See our privacy policy.

Most enterprises did not expect to be fully compliant by the May 25 deadline

Only 39% of the respondents reported having a well-defined plan to be GDPR compliant by the May 25 deadline, while 5% reported that they were already compliant. The majority (55%) did not expect to make the compliance deadline. Of them, 17% had no clear compliance plan, while 38% expected to achieve only partial compliance.

Technology makes a big difference to GDPR readiness

More than half of the respondents (53%) who have implemented GRC solutions reported that they would be GDPR compliant by the May 25 deadline. On the other hand, only 40% of the respondents who use spreadsheet-based processes reported that they would meet the deadline.

70% of the respondents using GRC solutions for GDPR compliance also indicated being either confident or highly confident that their data protection programme would stand up to legal scrutiny by regulators and courts. In comparison, less than a quarter of the respondents (23%) using spreadsheet-based processes, point solutions, or business process management solutions, reported similar levels of confidence in their data protection programmes.

Readiness for an onslaught of data subject complaints and rights requests is low

GDPR gives data subjects multiple rights. Yet, fewer than 40% of the respondents reported that their enterprises are prepared or fully prepared to manage data subject complaints or requests around more complex rights, including the right to erasure, the right to restrict processing, and the right to data portability.

Other findings

Just 50% of the respondents reported being ready to complete assessments of all third parties that have access to personal data by the May 25 deadline

86% of the respondents expect their GDPR budgets to stay the same or increase

66% of the respondents reported improved data governance as the biggest long-term benefit of GDPR compliance

“GDPR is finally here, and with it a fundamental change in how companies execute on good data governance,” said French Caldwell, chief evangelist, MetricStream. “While the first year of compliance is likely to be a period of adjustment, enterprises cannot afford to be complacent. Our research shows that those with a well-implemented GRC programme will have an edge when it comes to meeting these new requirements. Technology will also be important in building a future-ready, sustainable GDPR programme that will drive business success in 2018 and beyond.”